Security News > 2021 > February > Container security is a priority, but who’s responsibility is it?

When it comes to the role that security plays as more enterprises shift left to protect applications from the beginning of development, implement DevOps processes and cultures, and accelerate workflow productivity, 76% of respondents report that container security is a clear priority at their organization.

Questions over container security responsibilities within enterprises, how to balance security with performance, and how to respond to security incidents are far from settled.

There is little consensus on who owns the responsibility for container security: Among respondents, 32% consider container security their organization's single most important priority as they roll out containers and Kubernetes initiatives; another 44% report it as among their top priorities.

Nearly two-thirds of respondents would curtail security to maintain high CI/CD velocity: Somewhat contrary to respondents' stated prioritization of security, 63% of respondents acknowledge that they would curtail or restrain security measures in order to maintain high velocity production.

On a positive note, 61% of respondents do use Kubernetes Pod security and/or network security policies, and many supplement those native policies with vulnerability scanning, along with network inspection and blocking.

"At the same time, the fact that a disproportionate number of enterprises would sacrifice security for productivity is both troubling and misguided. We advise organizations to recognize security as essential to the success of their container and Kubernetes implementations, and to select security capabilities that can enable development agility while still achieving fully reliable protection."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/cDbUht18i_c/